It is reported that the process that manufacturers must undertake to pre-qualify new technologies by the government is lengthy and burdensome and lacks transparency. It is also reported that the often-lengthy procurement process in Kuwait occasionally results in accusations of attempted bribery or the offering of other inducements by bidders.

Kuwait is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), nor does it have observer status.

Under the Regulation on Supervision of Credit-Specialized Financial Business, electronic commerce firms operating on a cross-border basis have been prevented from either selling in KRW or storing domestic consumers’ credit card information unless they have registered in Korea as a Payment Gateway (PG) supplier or use a local PG company service for KRW-denominated transactions. In the absence of a PG registration (which requires firms to develop Korea-specific payment systems and customer interfaces and to have a local presence in Korea), foreign electronic commerce sites can only process dollar-denominated transactions for which customers enter their credit card information anew each time, which puts them at a competitive disadvantage as compared to local merchants. However, the Electronic Finance Supervisory Regulations do not impose the registration requirement for subsidiary electronic financial business entities which include PG services. It imposes such a requirement only on electronic financial business entities.

According to Art. 8 of the Notice of Import Customs Clearance for Express Goods, as amended in 2016 to increase the value of the de minimis rule, the de minimis threshold, meaning the minimum value of goods below which customs do not charge duties, is USD 150, which is below the 200 USD threshold recommended by the International Chamber of Commerce (ICC). This threshold applies to goods for personal consumption and samples not exceeding USD 150, with an exception for trade with the U.S. and Puerto Rico, where the threshold is USD 200 as per the Korea-US FTA, allowing these goods to be exempt from taxes and duties collected by customs.

According to Art. 4 of the Domain Name Management Rules set forth by the Korea Internet & Security Agency (KISA), domain name registrants must have a postal address of their place of residence in Korea. In addition, it is reported that a Copy of Company registration in Korea with proof of company address in both English and Korean languages is required for registration and that a Korean-based administrative contact is mandatory.

According to Art. 32 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, foreign IT service providers without an office in Korea are required to appoint a local agent responsible for ensuring compliance with data privacy regulations.

The Act on Consumer Protection in Electronic Commerce Transactions provides a comprehensive framework for consumer protection that also applies to online transactions. In addition, it is reported that for business-to-business transactions, the Regulation of Terms and Conditions Act and the Fair Trade Act are the main frameworks applied.

Korea has signed but not ratified the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Korea has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Korea has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Pursuant to Art. 4 of the National Intelligence Service Korea Act and Art. 56 of the Electronic Government Act, the National Intelligence Service (NIS) imposes security verification requirements on network equipment and cyber-security software in government procurement. Generally, they may satisfy the requirement by showing that the products are certified at a Common Criteria Recognition Arrangement (CCRA) accredited lab outside of Korea. However, certain network equipment must undergo an additional security verification process. Furthermore, the Common Criteria (CC) certification may not be sufficient for two reasons. First, NIS may substitute the CC certification with other certification mechanisms that were internally developed (e.g., GS Certification). Second, NIS may reject a CC certification when it deems that the certification does not cover particular functions of the product that the government entity needs.

If software systems or hardware equipment such as virtual private networks and firewall systems deal with non-confidential yet important information and are to be used in the government, they must pass verification for appropriate encryption modules under the auspices of the National Intelligence Service (NIS). Appropriate encryption standards are developed in Korea, such as ARIA, SEED, LEA, and Hight. The suppliers need to submit the source code of their products to receive the verification test. The same encryption standards also apply to certain network equipment such as VPN and SW USB series.

The amendment of the Telecommunications Business Act by Act no. 12761 on 15 October 2014 included Art. 22-3. According to Art. 22-3, value-added telecommunication service providers, encompassing all online hosts of applications and content, must implement technical measures as outlined in the Presidential Decree to counteract the dissemination of explicit materials.

Under Art. 13 of the Act on the Promotion of Newspapers, a person who is not a national of Korea shall not be qualified as a publisher or editor of an online newspaper or as a news article layout manager of an online news service. This requirement has been in place since 2009.

Per Art. 5 of the Location Information Use and Protection Act, any person who intends to engage in location information business shall obtain permission from the Korea Communications Commission. According to Art. 18 of the Act, even if permitted to do such business, location information providers or location-based service providers cannot collect location information of individuals without individuals' consent. It is reported that, although a supplier may export location information once acquiring a permit, Korea has never approved such a permit despite numerous applications by foreign suppliers over the past decade.